Free Malware Removal Forum


Been thrown this laptop by a family member to try and fix a search nu problem. They've had a few goes from another forum using OTL, but seem to have failed, so have asked for a slightly techier person to get involved. Thanks in advance!

Behaviour - Very slow machine, had loads of trouble with HTTP/URL links, search was redirected.

Now: Slow machine for a quad core, especially on bootup, with something preventing deletion of certain registry keys, apparent from SystemLook to be Search NU related.

Below are DDS logs, a SystemLook log, and an OTL scan with LOP check and Purity check set. Can't think what else to try.

SystemLook was run with the following code:

:filefind
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

diver79 wrote: Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Thanks for the help - it's been bugging me for a day now, trying to work out what has and hasn't been done. I've been told everything needed is already backed up, so it's now a challenge to me and those that kindly offer to help to determine what's gone on.

I don't know where/what has been tried, but there are quite a few OTL restore points in the system, and I've had 1 more go with OTL running the SQW7-Vista_x64.txt fix from a similar post after checking what it was trying to delete looked like the right components to be deleting, however it didn't appear to take all the reg files into account.

Running the other scan tools etc now - I'm hoping it's not a rootkit, but not being my machine I have no idea...

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

OK, logs look OK. I'm going to issue instructions to fix what I found in the OTL logs and then use SystemLook to search for remaining entries. Please delete the SystemLook file you used earlier. It appears to be the 32-bit version and will not work correctly on this OS. Also delete the OTL file in the downloads folder and download a new one using the instructions below.

Files\Folders moved on Reboot...
C:\Users\Andrew\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Andrew\AppData\Local\Temp\~DF09D1D95F909942CF.TMP not found!
File\Folder C:\Users\Andrew\AppData\Local\Temp\~DF15CFD74927B2B53A.TMP not found!
File\Folder C:\Users\Andrew\AppData\Local\Temp\~DF652ED08C2604978D.TMP not found!
File\Folder C:\Users\Andrew\AppData\Local\Temp\~DFC4C17081B24C4C3A.TMP not found!
C:\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Windows\temp\etilqs_8vBFIjDRNHAgSpkPSaZE moved successfully.
C:\Windows\temp\etilqs_aQoZN8E3usR5qH13Chq7 moved successfully.
C:\Windows\temp\etilqs_e8dRu2yb0vfKapZwpGRK moved successfully.
C:\Windows\temp\etilqs_NQhxRIyDhqWRjs8Y60HS moved successfully.
C:\Windows\temp\etilqs_OdUCk3DssjMwsUQcEleW moved successfully.
C:\Windows\temp\etilqs_UZidWVSwndF4uXQhSnZV moved successfully.

Files\Folders moved on Reboot...
C:\Users\Andrew\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Andrew\AppData\Local\Temp\~DF3C122EE264422933.TMP not found!
File\Folder C:\Users\Andrew\AppData\Local\Temp\~DF6B54DF238512EDCB.TMP not found!
File\Folder C:\Users\Andrew\AppData\Local\Temp\~DFA6596A4D1D94FEE2.TMP not found!
File\Folder C:\Users\Andrew\AppData\Local\Temp\~DFFB89EC2A5353BB57.TMP not found!
C:\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Windows\temp\etilqs_7fJ0tVbUH5ryVmu4Q0TZ moved successfully.
C:\Windows\temp\etilqs_9NPkI6MXDbXIMOpXpqx6 moved successfully.
C:\Windows\temp\etilqs_alMFXT2GMc4uPuzlXuIp moved successfully.
C:\Windows\temp\etilqs_JFN5geh6W1pzbzG3QdOS moved successfully.
C:\Windows\temp\etilqs_n6DGbdk0XPTGtpxY5hQm moved successfully.
C:\Windows\temp\etilqs_ZvzdwmvSlds2Az5BFxmq moved successfully.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
